[ubuntu/oneiric] refpolicy 2:0.2.20100524-9ubuntu1 (Accepted)
Angel Abad
angelabad at ubuntu.com
Tue May 17 13:00:19 UTC 2011
refpolicy (2:0.2.20100524-9ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/control: drop "selinux" conflict (Debian bug 576598)
refpolicy (2:0.2.20100524-9) unstable; urgency=low
* Make gnome.pp not be autoloaded and revert some of the gnome stuff from the
previous version. Getting gnome (gconfd) policy to work correctly is too
hard for Squeeze.
* Allow user_t to talk to xdm_var_run_t sockets so switch user can work.
* Allow mailman_mail_t to read /dev/urandom and usr_t files
* Allow xenconsoled_t capability sys_tty_config and create unix_dgram_socket
* Allow iodine_t to read /proc/filesystems
* Allow jabber_t to write it's fifos, process set/getsched, connect to
generic tcp ports, and bind to udp ports.
* Label /var/lib/sudo as pam_var_run_t
* Allow sshd_t to read gitosis files.
* Made the gitosis label apply to /srv/gitosis.
* Allow webalizer to read usr_t files for geoip database.
* Allow user_t and staff_t consolekit_dbus_chat() access so they can
determine their session status - necessary to login in KDE sometimes.
* Label ~/.gnupg/gpg.conf as user_home_t and allow user_t to list directories
of type gpg_secret_t so gpg-agent can start.
* Allow gpg_agent_t to launch a user session and send sigchld to xdm_t
* Allow user_ssh_agent_t to send sigchld to xdm_t and allow it to run the
gpg agent.
* Add new paths for chromium-browser to support the version in unstable,
needed for backports.
* Allow user_mail_t to transition to postfix_master_t for postalias, confined
by roles. Uses domain_system_change_exemption() for user_mail_t via
postfix_domtrans_master() which isn't ideal.
Date: Tue, 17 May 2011 14:44:24 +0200
Changed-By: Angel Abad <angelabad at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Angel Abad <angelabad at gmail.com>
https://launchpad.net/ubuntu/oneiric/+source/refpolicy/2:0.2.20100524-9ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 17 May 2011 14:44:24 +0200
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc
Architecture: source
Version: 2:0.2.20100524-9ubuntu1
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Angel Abad <angelabad at ubuntu.com>
Description:
selinux-policy-default - Strict and Targeted variants of the SELinux policy
selinux-policy-dev - Headers from the SELinux reference policy for building modules
selinux-policy-doc - Documentation for the SELinux reference policy
selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
selinux-policy-src - Source of the SELinux reference policy for customization
Changes:
refpolicy (2:0.2.20100524-9ubuntu1) oneiric; urgency=low
.
* Merge from debian unstable. Remaining changes:
- debian/control: drop "selinux" conflict (Debian bug 576598)
.
refpolicy (2:0.2.20100524-9) unstable; urgency=low
.
* Make gnome.pp not be autoloaded and revert some of the gnome stuff from the
previous version. Getting gnome (gconfd) policy to work correctly is too
hard for Squeeze.
* Allow user_t to talk to xdm_var_run_t sockets so switch user can work.
* Allow mailman_mail_t to read /dev/urandom and usr_t files
* Allow xenconsoled_t capability sys_tty_config and create unix_dgram_socket
* Allow iodine_t to read /proc/filesystems
* Allow jabber_t to write it's fifos, process set/getsched, connect to
generic tcp ports, and bind to udp ports.
* Label /var/lib/sudo as pam_var_run_t
* Allow sshd_t to read gitosis files.
* Made the gitosis label apply to /srv/gitosis.
* Allow webalizer to read usr_t files for geoip database.
* Allow user_t and staff_t consolekit_dbus_chat() access so they can
determine their session status - necessary to login in KDE sometimes.
* Label ~/.gnupg/gpg.conf as user_home_t and allow user_t to list directories
of type gpg_secret_t so gpg-agent can start.
* Allow gpg_agent_t to launch a user session and send sigchld to xdm_t
* Allow user_ssh_agent_t to send sigchld to xdm_t and allow it to run the
gpg agent.
* Add new paths for chromium-browser to support the version in unstable,
needed for backports.
* Allow user_mail_t to transition to postfix_master_t for postalias, confined
by roles. Uses domain_system_change_exemption() for user_mail_t via
postfix_domtrans_master() which isn't ideal.
Checksums-Sha1:
284306f38cbe71bc5be8a0ef3b827936152efe5f 1621 refpolicy_0.2.20100524-9ubuntu1.dsc
8bc266a3377b153d330a4451da22943438ec1895 117117 refpolicy_0.2.20100524-9ubuntu1.diff.gz
Checksums-Sha256:
6d131978a56b26958687c092455e4933e9b551cf8cc8fb445370514083a127c8 1621 refpolicy_0.2.20100524-9ubuntu1.dsc
4abe2e3ab7825b027842b3d91e67b1133c7b91f0697a9c975be78d0324557000 117117 refpolicy_0.2.20100524-9ubuntu1.diff.gz
Files:
8dc2583030194420ab4dd6df021b8a13 1621 admin optional refpolicy_0.2.20100524-9ubuntu1.dsc
0322ad01a9edc7fbd14e210bff81dcf5 117117 admin optional refpolicy_0.2.20100524-9ubuntu1.diff.gz
Original-Maintainer: Russell Coker <russell at coker.com.au>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3ScTEACgkQCY2uR+47wnlgxgCbBYsRaEqD///p8czCrYlyscN7
ckcAnAg+6tlb72OC3uhjLagqw9ySsRec
=+4C3
-----END PGP SIGNATURE-----
More information about the Oneiric-changes
mailing list